Dichromate[.]We

Sharing

Copy URL Twitter E-mail

General

Target

Dichromate.We
Size

436KB
MD5

af9e73703dcd0e7d15220e50ddbae040
SHA1

89ebf8a22a7598c3c2944abec632ecc98b5d820c
SHA256

2a67566a8aec9d59a72cb243c7fb719085e209f0489077230f857afa1e8ad7fb
SHA512

24cbfe744339f600538a14a98dd62d9b46c667af0e9a249601731491d01a190a58986a96eab11c449e28fcd080cf7b6156f447dd2b6a09a18846b7a6c78df0aa
SSDEEP

12288:UZcUmGsWdw0HCXs2rdu5B/WAN7rkKFoy1Q4PQX/7r2cEfarryCf82XRf5/HPjek0:sXYa2ywryCf82XRf5Kdo+mmtL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Dichromate.We

Files

Dichromate.We
.dll windows x86

Password: infected

3ba8fe7f15b4c29228ca037e866a6925

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CloseHandle
HeapSize
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LoadLibraryA
VirtualAlloc
HeapReAlloc
HeapAlloc
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapDestroy
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
WriteFile
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetModuleHandleW
HeapFree
Sleep
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetModuleHandleA
GetProcAddress
IsDebuggerPresent
GetCurrentProcess
TerminateProcess
GetCommandLineA
GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
GetLastError
GetSystemTime
SystemTimeToFileTime
SetLastError

Exports

Exports

kIO_f_ssl
kIO_new_buffer_ssl_connect
kIO_new_ssl
kIO_new_ssl_connect
kIO_ssl_copy_session_id
kIO_ssl_shutdown
kTLS_client_method
kTLS_method
kTLS_server_method
kTLSv1_2_client_method
kTLSv1_2_method
kTLSv1_2_server_method
kTLSv1_client_method
kTLSv1_method
kTLSv1_server_method
kRR_load_SSL_strings
kEM_read_SSL_SESSION
kEM_read_bio_SSL_SESSION
kEM_write_SSL_SESSION
kEM_write_bio_SSL_SESSION
kRP_Calc_A_param
kRP_generate_client_master_secret
kRP_generate_server_master_secret
kSL_CIPHER_description
kSL_CIPHER_find
kSL_CIPHER_get_bits
kSL_CIPHER_get_id
kSL_CIPHER_get_name
kSL_CIPHER_get_version
kSL_COMP_add_compression_method
kSL_COMP_free_compression_methods
kSL_COMP_get_compression_methods
kSL_COMP_get_name
kSL_COMP_set0_compression_methods
kSL_CONF_CTX_clear_flags
kSL_CONF_CTX_finish
kSL_CONF_CTX_free
kSL_CONF_CTX_new
kSL_CONF_CTX_set1_prefix
kSL_CONF_CTX_set_flags
kSL_CONF_CTX_set_ssl
kSL_CONF_CTX_set_ssl_ctx
kSL_CONF_cmd
kSL_CONF_cmd_argv
kSL_CONF_cmd_value_type
kSL_CTX_SRP_CTX_free
kSL_CTX_SRP_CTX_init
kSL_CTX_add_client_CA
kSL_CTX_add_client_custom_ext
kSL_CTX_add_server_custom_ext
kSL_CTX_add_session
kSL_CTX_callback_ctrl
kSL_CTX_check_private_key
kSL_CTX_ctrl
kSL_CTX_flush_sessions
kSL_CTX_free
kSL_CTX_get0_certificate
kSL_CTX_get0_param
kSL_CTX_get0_privatekey
kSL_CTX_get_cert_store
kSL_CTX_get_client_CA_list
kSL_CTX_get_client_cert_cb
kSL_CTX_get_ex_data
kSL_CTX_get_ex_new_index
kSL_CTX_get_info_callback
kSL_CTX_get_quiet_shutdown
kSL_CTX_get_ssl_method
kSL_CTX_get_timeout
kSL_CTX_get_verify_callback
kSL_CTX_get_verify_depth
kSL_CTX_get_verify_mode
kSL_CTX_load_verify_locations
kSL_CTX_new
kSL_CTX_remove_session
kSL_CTX_sess_get_get_cb
kSL_CTX_sess_get_new_cb
kSL_CTX_sess_get_remove_cb
kSL_CTX_sess_set_get_cb
kSL_CTX_sess_set_new_cb
kSL_CTX_sess_set_remove_cb
kSL_CTX_sessions
kSL_CTX_set1_param
kSL_CTX_set_alpn_protos
kSL_CTX_set_alpn_select_cb
kSL_CTX_set_cert_cb
kSL_CTX_set_cert_store
kSL_CTX_set_cert_verify_callback
kSL_CTX_set_cipher_list
kSL_CTX_set_client_CA_list
kSL_CTX_set_client_cert_cb
kSL_CTX_set_client_cert_engine
kSL_CTX_set_cookie_generate_cb
kSL_CTX_set_cookie_verify_cb
kSL_CTX_set_default_passwd_cb
kSL_CTX_set_default_passwd_cb_userdata
kSL_CTX_set_default_verify_paths
kSL_CTX_set_ex_data
kSL_CTX_set_generate_session_id
kSL_CTX_set_info_callback
kSL_CTX_set_msg_callback
kSL_CTX_set_next_proto_select_cb
kSL_CTX_set_next_protos_advertised_cb
kSL_CTX_set_psk_client_callback
kSL_CTX_set_psk_server_callback
kSL_CTX_set_purpose
kSL_CTX_set_quiet_shutdown
kSL_CTX_set_session_id_context
kSL_CTX_set_srp_cb_arg
kSL_CTX_set_srp_client_pwd_callback
kSL_CTX_set_srp_password
kSL_CTX_set_srp_strength
kSL_CTX_set_srp_username
kSL_CTX_set_srp_username_callback
kSL_CTX_set_srp_verify_param_callback
kSL_CTX_set_ssl_version
kSL_CTX_set_timeout
kSL_CTX_set_tlsext_use_srtp
kSL_CTX_set_tmp_dh_callback
kSL_CTX_set_tmp_ecdh_callback
kSL_CTX_set_tmp_rsa_callback
kSL_CTX_set_trust
kSL_CTX_set_verify
kSL_CTX_set_verify_depth
kSL_CTX_use_PrivateKey
kSL_CTX_use_PrivateKey_ASN1
kSL_CTX_use_PrivateKey_file
kSL_CTX_use_RSAPrivateKey
kSL_CTX_use_RSAPrivateKey_ASN1
kSL_CTX_use_RSAPrivateKey_file
kSL_CTX_use_certificate
kSL_CTX_use_certificate_ASN1
kSL_CTX_use_certificate_chain_file
kSL_CTX_use_certificate_file
kSL_CTX_use_psk_identity_hint
kSL_CTX_use_serverinfo
kSL_CTX_use_serverinfo_file
kSL_SESSION_free
kSL_SESSION_get0_peer
kSL_SESSION_get_compress_id
kSL_SESSION_get_ex_data
kSL_SESSION_get_ex_new_index
kSL_SESSION_get_id
kSL_SESSION_get_time
kSL_SESSION_get_timeout
kSL_SESSION_new
kSL_SESSION_print
kSL_SESSION_print_fp
kSL_SESSION_set1_id_context
kSL_SESSION_set_ex_data
kSL_SESSION_set_time
kSL_SESSION_set_timeout
kSL_SRP_CTX_free
kSL_SRP_CTX_init
kSL_accept
kSL_add_client_CA
kSL_add_dir_cert_subjects_to_stack
kSL_add_file_cert_subjects_to_stack
kSL_alert_desc_string
kSL_alert_desc_string_long
kSL_alert_type_string
kSL_alert_type_string_long
kSL_cache_hit
kSL_callback_ctrl
kSL_certs_clear
kSL_check_chain
kSL_check_private_key
kSL_clear
kSL_connect
kSL_copy_session_id
kSL_ctrl
kSL_do_handshake
kSL_dup
kSL_dup_CA_list
kSL_export_keying_material
kSL_extension_supported
kSL_free
kSL_get0_alpn_selected
kSL_get0_next_proto_negotiated
kSL_get0_param
kSL_get1_session
kSL_get_SSL_CTX
kSL_get_certificate
kSL_get_cipher_list
kSL_get_ciphers
kSL_get_client_CA_list
kSL_get_current_cipher
kSL_get_current_compression
kSL_get_current_expansion
kSL_get_default_timeout
kSL_get_error
kSL_get_ex_data
kSL_get_ex_data_X509_STORE_CTX_idx
kSL_get_ex_new_index
kSL_get_fd
kSL_get_finished
kSL_get_info_callback
kSL_get_peer_cert_chain
kSL_get_peer_certificate
kSL_get_peer_finished
kSL_get_privatekey
kSL_get_psk_identity
kSL_get_psk_identity_hint
kSL_get_quiet_shutdown
kSL_get_rbio
kSL_get_read_ahead
kSL_get_rfd
kSL_get_selected_srtp_profile
kSL_get_servername
kSL_get_servername_type
kSL_get_session
kSL_get_shared_ciphers
kSL_get_shared_sigalgs
kSL_get_shutdown
kSL_get_sigalgs
kSL_get_srp_N
kSL_get_srp_g
kSL_get_srp_userinfo
kSL_get_srp_username
kSL_get_srtp_profiles
kSL_get_ssl_method
kSL_get_verify_callback
kSL_get_verify_depth
kSL_get_verify_mode
kSL_get_verify_result
kSL_get_version
kSL_get_wbio
kSL_get_wfd
kSL_has_matching_session_id
kSL_is_server
kSL_library_init
kSL_load_client_CA_file
kSL_load_error_strings
kSL_new
kSL_peek
kSL_pending
kSL_read
kSL_renegotiate
kSL_renegotiate_abbreviated
kSL_renegotiate_pending
kSL_rstate_string
kSL_rstate_string_long
kSL_select_next_proto
kSL_set1_param
kSL_set_SSL_CTX
kSL_set_accept_state
kSL_set_alpn_protos
kSL_set_bio
kSL_set_cert_cb
kSL_set_cipher_list
kSL_set_client_CA_list
kSL_set_connect_state
kSL_set_debug
kSL_set_ex_data
kSL_set_fd
kSL_set_generate_session_id
kSL_set_info_callback
kSL_set_msg_callback
kSL_set_psk_client_callback
kSL_set_psk_server_callback
kSL_set_purpose
kSL_set_quiet_shutdown
kSL_set_read_ahead
kSL_set_rfd
kSL_set_session
kSL_set_session_id_context
kSL_set_session_secret_cb
kSL_set_session_ticket_ext
kSL_set_session_ticket_ext_cb
kSL_set_shutdown
kSL_set_srp_server_param
kSL_set_srp_server_param_pw
kSL_set_ssl_method
kSL_set_state
kSL_set_tlsext_use_srtp
kSL_set_tmp_dh_callback
kSL_set_tmp_ecdh_callback
kSL_set_tmp_rsa_callback
kSL_set_trust
kSL_set_verify
kSL_set_verify_depth
kSL_set_verify_result
kSL_set_wfd
kSL_shutdown
kSL_srp_server_param_with_username
kSL_state
kSL_state_string
kSL_state_string_long
kSL_use_PrivateKey
kSL_use_PrivateKey_ASN1
kSL_use_PrivateKey_file
kSL_use_RSAPrivateKey
kSL_use_RSAPrivateKey_ASN1
kSL_use_RSAPrivateKey_file
kSL_use_certificate
kSL_use_certificate_ASN1
kSL_use_certificate_file
kSL_use_psk_identity_hint
kSL_version
kSL_want
kSL_write
kSLv23_client_method
kSLv23_method
kSLv23_server_method
kSLv2_client_method
kSLv2_method
kSLv2_server_method
kSLv3_client_method
kSLv3_method
kSLv3_server_method
kLSv1_1_client_method
kLSv1_1_method
kLSv1_1_server_method
kLSv1_2_client_method
kLSv1_2_method
kLSv1_2_server_method
kLSv1_client_method
kLSv1_method
kLSv1_server_method
k2i_SSL_SESSION
k2d_SSL_SESSION
print

Sections

.text
Size: 245KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

3ba8fe7f15b4c29228ca037e866a6925

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 245KB - Virtual size: 244KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 16KB - Virtual size: 22KB

.rsrc Size: 108KB - Virtual size: 107KB

.reloc Size: 13KB - Virtual size: 12KB

.text
Size: 245KB - Virtual size: 244KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 108KB - Virtual size: 107KB

.reloc
Size: 13KB - Virtual size: 12KB